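#!/usr/bin/env sh
set -e
#
# Install NixOS on a remote machine with nixos-anywhere, seeding it with
# freshly generated SSH host keys (system and initrd) and a LUKS passphrase.
#
# Usage: install.sh <ssh_port> <ssh_target>
#
# Every secret lives only in mktemp directories (mode 0700) that the EXIT
# trap removes; the only thing printed about the keys is their fingerprint.
#
# This script is based on the work of Solomon .
# https://github.com/solomon-b/nixos-config/blob/ca047bdbb95859ee902e4750a3b0e018f2396bfe/installer/install-server.sh
#

# Terminal settings captured before echo is switched off for the password
# prompt, so an aborted prompt (Ctrl-C, EOF) does not leave the caller's
# terminal with echo disabled. Empty until save_pwd runs.
tty_state=""

#######################################
# Remove the local copies of the generated secrets and restore the terminal.
# Globals:  tty_state, temp, pwd_temp (read)
# Returns:  0
#######################################
cleanup() {
  printf '%s\n' 'Cleanup on exit.'
  # Restore the terminal first: an abort inside save_pwd leaves echo off.
  if [ -n "${tty_state}" ]; then
    stty "${tty_state}" 2>/dev/null || :
  fi
  if [ -d "${temp}" ]; then
    printf '%s\n' 'Deleting local copy of SSH ed25519 key ...'
    # rm does not overwrite the blocks on disk; the directory is 0700 and
    # short-lived, which is the trade-off taken here for a portable sh script.
    rm -rf -- "${temp}"
  fi
  if [ -d "${pwd_temp}" ]; then
    printf '%s\n' 'Deleting local copy of disk encryption password ...'
    rm -rf -- "${pwd_temp}"
  fi
}

#######################################
# Register the cleanup trap and create the temporary directory for the keys.
# The trap is installed BEFORE any secret exists; INT/TERM/HUP are re-raised
# as a plain exit so the EXIT trap also fires when the script is killed.
# Globals:  temp (written)
#######################################
temp_dir() {
  trap cleanup EXIT
  trap 'exit 130' INT
  trap 'exit 143' TERM HUP
  # mktemp -d creates the directory with mode 0700.
  temp="$(mktemp -d)"
}

#######################################
# Generate the system SSH host key under ${temp}/etc/ssh.
# ssh-keygen creates the private key with mode 0600; the tree is later handed
# to nixos-anywhere via --extra-files. NOTE(review): whether the mode survives
# the copy depends on nixos-anywhere — confirm the key is 0600 on the target.
#######################################
gen_ssh_key() {
  install -d -m755 "${temp}/etc/ssh"
  ssh-keygen -t ed25519 -f "${temp}/etc/ssh/ssh_host_ed25519_key" -q -N ""
}

#######################################
# Print the fingerprint of the system host key so the operator can verify
# the host on first SSH connection (instead of blindly accepting it).
#######################################
ssh_fingerprint() {
  printf '%s\n' 'host SSH ed25519 fingerprint:'
  ssh-keygen -lf "${temp}/etc/ssh/ssh_host_ed25519_key"
}

#######################################
# Generate the initrd SSH host key (used to unlock the disk remotely at boot)
# under ${temp}/etc/secrets/initrd.
#######################################
gen_initrd_ssh_key() {
  install -d -m755 "${temp}/etc/secrets/initrd"
  ssh-keygen -t ed25519 -f "${temp}/etc/secrets/initrd/ssh_host_ed25519_key" -q -N ""
}

#######################################
# Print the fingerprint of the initrd host key. The initrd key is distinct
# from the system key, so the operator must verify both.
#######################################
initrd_ssh_fingerprint() {
  printf '%s\n' 'initrd SSH ed25519 fingerprint:'
  ssh-keygen -lf "${temp}/etc/secrets/initrd/ssh_host_ed25519_key"
}

#######################################
# Prompt twice for the disk encryption passphrase (no echo) and store it in
# ${pwd_temp}/pwd.key with mode 0600.
# Globals:  pwd_temp, tty_state (written)
# Returns:  1 when stdin is not a terminal, the two entries differ, or the
#           passphrase is empty.
#######################################
save_pwd() {
  pwd_temp="$(mktemp -d)"

  # stty fails without a terminal and set -e would abort with a cryptic error.
  if [ ! -t 0 ]; then
    printf '%s\n' 'ERROR: the disk encryption password must be entered on a terminal' >&2
    return 1
  fi

  # Save the terminal state so cleanup can restore it on any exit path.
  tty_state="$(stty -g)"

  # Get password from user without echoing.
  # https://stackoverflow.com/a/3980713
  # IFS= keeps leading/trailing whitespace and -r keeps backslashes, so the
  # passphrase is stored exactly as typed.
  stty -echo
  printf "Disk encryption password: "
  IFS= read -r password
  stty echo
  printf "\n"

  stty -echo
  printf "Retype disk encryption password: "
  IFS= read -r password2
  stty echo
  printf "\n"

  if [ "${password}" != "${password2}" ]; then
    printf '%s\n' 'Passwords don'\''t match!' >&2
    return 1
  fi
  if [ -z "${password}" ]; then
    printf '%s\n' 'ERROR: the disk encryption password must not be empty' >&2
    return 1
  fi

  # Create password-file. No heredoc: the shell may spool a heredoc through a
  # temp file, and a passphrase equal to the delimiter would truncate it.
  # umask 077 in a subshell makes the file 0600 from creation.
  # The content keeps the trailing newline of the original format.
  # NOTE(review): whether that newline ends up inside the LUKS key depends on
  # how the target's disko config consumes /tmp/secret.key (a passwordFile
  # read via command substitution strips it, a raw keyFile does not) — confirm.
  (umask 077 && printf '%s\n' "${password}" > "${pwd_temp}/pwd.key")
  unset password password2
}

#######################################
# Entry point.
# Arguments: $1 - SSH port of the target, $2 - SSH target (user@host)
# Returns:   1 on bad arguments; otherwise the status of the install.
#######################################
main() {
  num_args=2
  if [ "$#" -ne "${num_args}" ]; then
    printf '%s%s%s\n' 'ERROR: ' "${num_args}" ' arguments required' >&2
    return 1
  fi
  for i in "$@"; do
    if [ -z "${i}" ]; then
      printf '%s\n' 'ERROR: All given args must not be empty' >&2
      return 1
    fi
  done
  ssh_port="${1}"
  ssh_target="${2}"

  # The port is passed straight to ssh -p; reject anything that is not a number.
  case "${ssh_port}" in
    *[!0-9]*)
      printf '%s\n' 'ERROR: ssh_port must be a decimal port number' >&2
      return 1
      ;;
  esac

  temp_dir
  gen_ssh_key
  gen_initrd_ssh_key
  save_pwd

  # Install NixOS to the target machine with our secrets.
  # NOTE(review): github:numtide/nixos-anywhere is unpinned, so each run
  # fetches and executes the current default branch with access to the host
  # keys and the LUKS passphrase; pin a release tag or commit for
  # supply-chain hygiene and reproducible installs.
  nix --extra-experimental-features nix-command --extra-experimental-features flakes \
    run github:numtide/nixos-anywhere -- --extra-files "${temp}" \
    --disk-encryption-keys /tmp/secret.key "${pwd_temp}/pwd.key" --flake '.#mysystem' \
    -p "${ssh_port}" "${ssh_target}"

  # Printed last so the operator can check them against the first SSH
  # connection to the freshly installed host.
  ssh_fingerprint
  initrd_ssh_fingerprint
}

main "$@"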